Initialize the Application

Now the app is ready to be initialized after defining configuration file/dictionary for your app.

Generating Grant tokens

For a Single User(self-authorized)

For self client apps, the self authorized grant token should be generated from the Zoho Developer Console ( The developer console has an option to generate grant token for a user directly. This option may be handy when your app is going to use only one CRM user's credentials for all its operations or for your development testing.

  1. Login to the User's account.
  2. Visit
  3. Click on the Options → Self Client option of the client for which you wish to authorize.
  4. Enter one or more (comma separated) valid Zoho CRM scopes that you wish to authorize in the “Scope” field and choose the time of expiry. Provide “aaaserver.profile.READ” scope along with Zoho CRM scopes.
  5. Copy the grant token that is displayed on the screen.
  6. Generate refresh_token from grant token by making a POST request with the URL below:{grant_token}&redirect_uri={redirect_uri}&client_id={client_id}&client_secret={client_secret}&grant_type=authorization_code

  7. Copy the refresh token for backup.


  • The generated grant token is valid only for the stipulated time you chose while generating it. Hence, the access and refresh tokens should be generated within that time.
  • The OAuth client registration and grant token generation must be done in the same Zoho account's (meaning - login) developer console.

For Multiple Users

For multiple users, it is the responsibility of your client app to generate the grant token from the users trying to login.

  • Your Application's UI must have a "Login with Zoho" option to open the grant token URL of Zoho, which would prompt for the user's Zoho login credentials.
  • Upon successful login of the user, the grant token will be sent as a param to your registered redirect URL.
  • The access and refresh tokens are environment-specific and domain-specific. When you handle various environments and domains such as Production, Sandbox, or Developer and IN, CN, US, EU, or AU, respectively, you must use the access token and refresh token generated only in those respective environments and domains. The SDK throws an error, otherwise.
    For example, if you generate the tokens for your Sandbox environment in the CN domain, you must use only those tokens for that domain and environment. You cannot use the tokens generated for a different environment or a domain.

Generating Access tokens

Access token can be generated by grant token or refresh token. Following any one of the two methods given below is sufficient.

From grant token

The following code snippet should be executed from your main class to get access token.

ZohoOAuthClient client = ZohoOAuthClient.GetInstance();
string grantToken = <paste_grant_token_here>;
ZohoOAuthTokens tokens = client.GenerateAccessToken(grantToken);
string accessToken = tokens.AccessToken;
string refreshToken = tokens.RefreshToken;"

Please paste the generated grant token in the string literal mentioned. This is one time process only.

In case of multiple users using the application, you need to keep note of the following:

  • In order for the SDK to identify the particular user who made the request, the requester's email address should be given through the following code snippet before making the actual method call of the SDK.


In case of Single users, the current user email can be set either through the above code, or in the zcrm_configuration section in the app.config file with the key currentUserEmail as a one time configuration.

From refresh token

The following code snippet should be executed from your main class to get access token.

ZCRMRestClient.Initialize(config); ZohoOAuthClient client = ZohoOAuthClient.GetInstance(); string refreshToken = <paste_refresh_token_here>; string userMailId = <provide_user_email_here>; ZohoOAuthTokens tokens = client. GenerateAccessTokenFromRefreshToken(refreshToken,userMailId);

Please paste the generated refresh token in the string literal mentioned. This is one time process only.


  1. The above code snippet is valid only once per grant token. Upon its successful execution, the generated access and refresh tokens would have been persisted through your persistence handler class.
  2. Once the OAuth tokens have been persisted, subsequent API calls would use the persisted access and refresh tokens. The SDK will take care of refreshing the access token using refresh token, as and when required.

Start the App

The SDK requires the following line of code being invoked every time your app gets started.



  • This method should be called from the main class of your c# application to start the application. It needs to be invoked without any exception.

The SDK also allows for custom initialization, overriding the data from the app.config file. Or, you could also override when there is no need for the config file. The custom initialization scenarios are:

"public static Dictionary<string, string> config = new Dictionary<string, string>()
		{"persistence_handler_class","ZCRMSDK.OAuth.ClientApp.ZohoOAuthDBPersistence, ZCRMSDK"},
		{"logFilePath","{log_file_path}" },


  • Once the SDK has been initialized, you can use any APIs of the SDK to get proper results.

Share this post : FacebookTwitter

Still can't find what you're looking for?

Write to us: